CVE-2008-6541
published 2009-03-30CVE-2008-6541: Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain…
PriorityP433medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
1.01%
58.6th percentile
Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dnnsoftware | dotnetnuke | <= 4.8.1 | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
| dnnsoftware | dotnetnuke | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
DotNetNuke up to 4.8.1 File Upload input validation (BID-28438 / SA29488)
vuldb·2026-04-29·CVSS 6.8
CVE-2008-6541 [MEDIUM] DotNetNuke up to 4.8.1 File Upload input validation (BID-28438 / SA29488)
A vulnerability, which was classified as critical, has been found in DotNetNuke. This vulnerability affects unknown code of the component File Upload. Performing a manipulation results in improper input validation.
This vulnerability is identified as CVE-2008-6541. The attack can be initiated remotely. There is not any exploit available.
It is advisable to upgrade the affected component.
GHSA
GHSA-hc93-58pv-v5gr: Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4
ghsa_unreviewed·2022-05-17
CVE-2008-6541 [MEDIUM] CWE-20 GHSA-hc93-58pv-v5gr: Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4
Unrestricted file upload vulnerability in the file manager module in DotNetNuke before 4.8.2 allows remote administrators to upload arbitrary files and gain privileges to the server via unspecified vectors.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://osvdb.org/43719http://secunia.com/advisories/29488http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno11/tabid/1147/Default.aspxhttp://www.securityfocus.com/bid/28438http://osvdb.org/43719http://secunia.com/advisories/29488http://www.dotnetnuke.com/News/SecurityBulletins/SecurityBulletinno11/tabid/1147/Default.aspxhttp://www.securityfocus.com/bid/28438
2009-03-30
Published